- Microsoft Windows chief decries standards grandstanding
- The 5 best, and 5 worst, features of Google Chrome OS
- Federal government using PS3 to crack pedophile passwords
- 10G Ethernet cheat sheet
- Top 10 free Windows tools for IT pros, at a glance
Storage analyst Deni Connor focuses on storage, application and infrastructure management in this twice-weekly newsletter.
Capturing top position in last week's Stupid IT Tricks Competition are the good folks at CardSystems Solutions in Atlanta. This company processes credit card and other payments for banks and merchants and, inadvertently, for hackers as well. Its unencrypted data was hacked last month, with the likely result that information on 40 million credit card accounts was compromised.
America Express, Discover, MasterCard, Visa, take your pick (somebody else apparently already has) were all affected. Check this month's credit card statements carefully when they arrive.
Questionable management of "secure data" is in the news far too frequently these days. Ameritrade, Bank of America, Citigroup, Lexus/Nexus, Time Warner, most of which I reported on last month, have all dropped the ball in recent months when it comes to data security. Oftentimes the data just "disappears" in transit to a third-party data repository like Iron Mountain; sometimes it goes missing when being shipped between facilities within the same company, and on frequent occasions, it is actively attacked from both inside and outside the firewall as was the case with CardSystems. In all instances listed above none of the data was encrypted, which certainly leads us to wonder about the seemingly cavalier attitude assumed by the companies to whom it was entrusted.
IT managers tend to avoid encrypting data for any of several reasons. In some cases, there is no corporate emphasis on security to support investment in encryption technology. More frequently, they are concerned that encryption will add to the time it takes to access or back up data, so amid all their other time constraints they avoid adding what seems to be another "cycle-sucker" to their operations. Most frequently, I suspect they just keep their fingers crossed and hope that when something hits the fan it won't occur at their shop.
Lots of alternatives are available to support encryption of data at rest. Security software vendors like Decru (acquired last week by Network Appliance), Neoscale and Vormetric offer solutions that can be dropped-in, appliance-like, in most environments. These will take care of protecting data on your storage-area network.
If your concern is about encrypting tapes to protect them while they travel offsite, consider the offerings from FalconStor and Intradyn.
Deni Connor is principal analyst for Storage Strategies NOW.
Rss FeedRss Feed
The Leader in Network Knowledge
Partner Content
www.bmc.com
Gartner 2009 Magic Quadrant for Job Scheduling
Gartner has positioned BMC CONTROL-M in the Leaders Quadrant of their "2009 Magic Quadrant for Job Scheduling." The report assesses the ability to execute and completeness of vision of key vendors in the marketplace. Read a full copy today, courtesy of BMC Software.
Download whitepaper
Dell's SMART Approach to Workload Automation
Read a compelling case study by EMA, Inc. to learn how Dell uses BMC CONTROL-M to cut cost and increase productivity with workload automation.
Download whitepaper
Workload Automation Cost Savings 2 Minute Video
A major computer manufacturer uses BMC CONTROL-M and just four people to schedule and run over 85,000 jobs every month. By switching to BMC CONTROL-M, they more than quadrupled the workload without adding a single staff member. See how in this 2-minute video overview.
Go to video
Comment